The Cetus protocol suffered a $230 million attack, with an overflow vulnerability leading to a massive theft of funds.
Cetus protocol suffers $230 million attack: detailed explanation of the attack method and fund flow
On May 22, Cetus, a liquidity provider in the SUI ecosystem, was suspected to have been attacked, with several trading pairs dropping sharply and estimated losses exceeding $230 million. Cetus subsequently announced that it had suspended its smart contracts and was investigating the incident.
The SlowMist security team quickly intervened for analysis and issued a security alert. Below is a detailed analysis of the attack method and the status of the fund transfers.
Attack Analysis
The attacker bypassed the overflow check by carefully constructing parameters and exploiting an overflow vulnerability, exchanging a minimal amount of tokens for a massive amount of liquidity assets. The specific steps were as follows:
1. The attacker borrowed 10,024,321.28 haSUI through a flash loan, causing the pool price to plummet by 99.90%.
2. The attacker chose a very narrow price range to open a liquidity position, with a range width of only 1.00496621%.
3. Core of the attack: the attacker claimed to add a huge amount of liquidity, but because of the vulnerability the system received only 1 unit of token A.
4. The attacker removed the liquidity and received a huge amount of tokens.
5. The attacker repaid the flash loan, netting approximately 10,024,321.28 haSUI and 5,765,124.79 SUI.
Vulnerability Cause
The key to the attack's success lies in the overflow-detection bypass in the checked_shlw function used within get_delta_a. Any input below a specific value passes the overflow check, yet after a left shift of 64 bits the result exceeds the u256 range, so the high-order bits are truncated and the system underestimates the amount of haSUI required.
Project Fix
Cetus has released a patch whose main change is a fix to the checked_shlw function.
Capital Flow Analysis
The attacker profited approximately $230 million, including various assets such as SUI, vSUI, and USDC. Some of the funds were transferred to EVM addresses through cross-chain bridges. The attacker also deposited about $10 million into Suilend and transferred 24,022,896 SUI to a new address.
According to Cetus, with the assistance of institutions such as the SUI Foundation, approximately $162 million of stolen funds on SUI has been successfully frozen.
The address receiving cross-chain funds on EVM received 5.2319 BNB on BSC and a large amount of USDT, USDC, SOL, and ETH on Ethereum. Most of these assets were exchanged for ETH, with 20,000 ETH being transferred to another address.
Summary
This attack demonstrates the danger of arithmetic overflow vulnerabilities. Through precise calculation, the attacker exploited the defect in the checked_shlw function to obtain massive liquidity at a very low cost. Developers should rigorously validate the boundary conditions of every arithmetic function in their smart contracts to prevent similar attacks.